Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/03/22 11:40 a.m.9 views

CVE-2024-11449

A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...

7.5CVSS6.9AI score0.00646EPSS
Exploits1References1
nvd
nvd
added 2025/03/20 10:15 a.m.13 views

CVE-2024-11449

A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...

7.5CVSS0.00646EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:8 a.m.45 views

CVE-2024-11449

CVE-2024-11449 stems from haotian-liu/llava v1.2.0 (LLaVA-1.6) with insufficient validation of the path parameter on the "/run/predict" endpoint, enabling Server-Side Request Forgery (SSRF). An attacker can access internal networks or AWS metadata by sending crafted requests, leading to unauthori...

7.5CVSS7.6AI score0.00646EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/03/20 10:8 a.m.15 views

CVE-2024-11449 Server-Side Request Forgery in haotian-liu/llava

A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...

7.5CVSS0.00646EPSS
Exploits1References1
Rows per page
Query Builder